NEWS

Wednesday 6 June, 2018

Important Notification – Re: PageUp

Programmed takes the protection of its employee and candidate data very seriously. It applies and requires its external supplier partners to apply the highest standards of security to ensure that personal information is protected from unauthorised access. Regrettably, one of our providers of recruitment and human resource process technology, PageUp, has advised that it has detected unauthorised activity on its IT infrastructure. Programmed is disappointed that this issue has occurred and whilst at this stage there is no evidence that any Programmed employee or candidate data has been accessed, we feel it is important to keep you informed about this notification.

What does PageUp’s website say about the unauthorised activity it has detected?

On 5 June 2018, PageUp provided the following notification on its website:

“As part of our commitment to keeping our global community of users and partners informed, we wish to advise you of unauthorised activity discovered on the PageUp system.

On May 23, 2018, PageUp detected unusual activity on its IT infrastructure and immediately launched a forensic investigation. On May 28, 2018 our investigations revealed that we have some indicators that client data may have been compromised, a forensic investigation with assistance from an independent 3rd party is currently ongoing.

We take cyber security very seriously and have been working together with international law enforcement, government authorities and independent security experts to fully investigate the matter.

There is no evidence that there is still an active threat, and the jobs website can continue to be used. All client user and candidate passwords in our database are hashed using bcrypt and salted, however, out of an abundance of caution, we suggest users change their password.

We apologise for any concerns and inconvenience this incident has caused and have developed the below FAQs to help address any queries the community may have. These FAQs will be updated as any new information arises, and should serve as the central destination for updates about this matter. Thank you.”

How does Programmed use PageUp?Programmed uses the PageUp systems to recruit and on-board its in-house salaried and administration roles and its maintenance trades workforce. It does not use these systems in the recruitment of its on-hire field employees in the staffing businesses. Programmed has been using the PageUp system since 1 January 2006 to source and more recently on-board new hires. In most instances the information contained relates only to personal identifiers such as names, addresses and contact details. In some instances other information provided by applicants such as copies of documents, tax file numbers and banking details are included.

Has your personal information been accessed?At this time we have no evidence of any Programmed applicant / employee data having been compromised or having been used in any unauthorised way. It is also important to note that Programmed’s actual payroll systems are independent of the PageUp system and they remain unaffected.

What is Programmed doing about it?

Programmed is monitoring the situation very carefully and working with PageUp to protect your personal information. In addition, we have notified the Office of the Australian Information Commissioner (OAIC) that PageUp holds personal information of some of Programmed’s employees and candidates and we will continue to work with the authorities. As a precautionary measure, we have implemented additional security around our payroll operations to tighten up its identity verification processes where it is requested to change any bank account details.

What steps can you take?

Programmed advises you to:1. Investigate any unusual or different alerts or actions within your own online profiles and activities which may suggest someone is using your identity information.2. Be mindful of any unexpected activity in relation to your banking and if you see anything unusual report this to your financial institution immediately.3. Be mindful of attempts to scam you or family members via email and / or phone calls.

Should you wish to contact Programmed regarding this matter or to report any suspicious activity regarding your banking or use of personal data, please email privacyenquiry@programmed.com.au with the subject heading “PageUp” and we will respond to you within 24 hours.